2020 is the year in which most businesses and organizations transitioned from a traditional workplace environment to remote working or work-from-home environments. As a result, communication, collaboration and productivity tools have become essential. Microsoft has been leading the digital transformation charge, especially during this period, as evidenced by the massive adoption of Microsoft Teams, which grew from 20 million users in November 2019 to 115 million in November 2020.
With everyone sharing files, information and data on platforms such as Microsoft 365, it is now more important than ever that we keep this information backed up and archived. This protects your business data not just from malicious deletions, but also from accidental deletions by employees. Microsoft even specifically mentions in their service agreement (https://www.microsoft.com/en-us/servicesagreement) that “Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
Retention ≠ Backup
A common misconception among users is that Microsoft backs up their data. What Microsoft has, however, is a “Retention Policy” and not a “Backup Policy”.
What Microsoft does is simply preserve deleted files and email for a set amount of time in their “Recycle Bin” before eventually permanently deleting them to free up
Even in their service agreement, Microsoft encourages the use of third-party apps and services to regularly back up your content and data.
Regulation & Compliance
If your firm is in a regulated industry like Finance, Healthcare or Legal, you may have regulations and requirements for access to data that go well beyond what standard retention or backups can offer. HIPAA, GDPR, CAN-SPAM and other regulations often require firms to keep complete and accurate records of email, attachments, files and related information for many years. In addition, if your firm uses email to communicate with European Union prospects, customers and business partners, you must comply with GDPR (General Data Protection Regulation) privacy and data access mandates. Failure to do so could cost a firm up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. Dropsuite GDPR Responder can help you Classify, Discover, Review, Take Action and Report on GDPR requests.
Ransomware can affect emails
All of us are familiar with ransomware, especially after 2017, when many businesses and over 300,000 machines were impacted and taken down by WannaCry alone. Since then, many businesses have learned that the best way to protect themselves against ransomware is to have full and complete backups and archives of all their data.
What most are unfortunately not aware of is that ransomware can also affect emails in Microsoft 365. KnowBe4's Chief Hacking Officer Kevin Mitnick demonstrates how this new strain of ransomware, also known as Ransom-Cloud, works.